Skip to main content
To KTH's start page To KTH's start page

Personal certificates

Here you can find information about personal certificates at KTH.

Personal certificates can be downloaded at .

As Institution, choose KTH Royal Institute of Technology; you may also need to allow Sectigo to receive your name and email address.

To download a certificate you must be registered as a student or employee. KTH must also have verified your identity, typically by showing your passport or ID at KTH Entré. If you identity is not verified, your download will be denied:

Digital Certificate Enrollment
You are not allowed to self enroll. Please contact your security administrator.

Contact in this case.

Otherwise, verify that your name is correct – the spelling must match your passport or ID, otherwise KTH's information must be updated – and choose

Certificate Profile: GÉANT Personal Certificate

If you let Sectigo generate the certificate, enter a password for encryption. You will receive the certificate in a PKCS#12 formatted file, as certs.p12. You can (using the password) import this in web browsers, email clients, etc. 

Note: Do not click the SUBMIT button multiple times. This may accidentally generate multiple certificates.

Locally generated key and CSR

To genereate the certificate yourself, e.g. using OpenSSL, create a directory and cd to it. You may want to have the current date in the directory name, and again, the spelling of your name must be correct! Then do

  openssl req -new -newkey rsa:2048 -out usercert_request.pem -keyout userkey.pem -subj '/CN=My Name'

  chmod go= userkey.pem

In Sectigo's portal, then choose Upload CSR and upload the usercert_request.pem you created. You will receive the certificate in PEM format, as certs.pem. Using this you can create a PKCS#12 file that can be imported in browsers, etc.:

  openssl pkcs12 -export -inkey userkey.pem -in certs.pem -out certs.p12

You will need to set a password that will be used when you import the certificate.


Grid certificates are used to access Grid resources, for example using GSI-OpenSSH  (gsissh), a part of the Grid Community Toolkit  maintained by Grid Community Forum .

Grid certificates are downloaded just like personal certificates, except that you should select

Certificate Profile: GÉANT IGTF_MICS Personal